Avaya Solution & Interoperability Test Lab Application Notes for INI IDReset TM with Avaya Aura Experience Portal Issue 1.0 Abstract These Application Notes describe the configuration steps required to integrate the INI IDReset TM with Avaya Aura Experience Portal. The INI IDReset TM is a self-service application for resetting password via Phone. Readers should pay attention to section 2, in particular the scope of testing as outlined in Section 2.1 as well as the observations noted in Section 2.2, to ensure that their own use cases are adequately covered by this scope and results. Information in these Application Notes has been obtained through DevConnect compliance testing and additional technical discussions. Testing was conducted via the DevConnect Program at the Avaya Solution and Interoperability Test Lab in Westminster, CO. 1 of 16
1. Introduction These Application Notes describe the configuration steps required to integrate the INI IDReset TM with Avaya Aura Experience Portal. INI IDReset TM is a self-service application which provides a mechanism for users to reset their Active Directory passwords either by phone or website. IDReset is an application that is installed on a Microsoft Windows application server and runs via Experience Portal. Users enroll in IDReset by selecting and responding to a series of personal challenge questions. When users forget their passwords, they call the application to verify their identity by correctly answering the established personal questions. Once authenticated, the user is given a new temporary password. Users must then log into Active Directory and create a new permanent password. 2 of 16
2. General Test Approach and Test Results This section describes the interoperability compliance testing used to verify the INI IDReset application with Experience Portal. DevConnect Compliance Testing is conducted jointly by Avaya and DevConnect members. The jointly-defined test plan focuses on exercising APIs and/or standards-based interfaces pertinent to the interoperability of the tested products and their functionalities. DevConnect Compliance Testing is not intended to substitute full product performance or feature testing performed by DevConnect members, nor is it to be construed as an endorsement by Avaya of the suitability or completeness of a DevConnect member s solution. 2.1. Interoperability Compliance Testing Interoperability compliance testing included feature and serviceability testing. The feature testing focused on the following functionality: Users ability to reset their password via a phone IDReset s ability to correctly authenticate users Calls from SIP, H.323, Digital and Analog endpoints The serviceability testing focused on verifying the ability of INI IDReset and Experience Portal to recover from adverse conditions, such as power failures and disconnecting cables to the IP network. 2.2. Test Results All test cases passed. Avaya Aura Experience Portal was successful in running INI IDReset. 3 of 16
3. Support To obtain technical support for INI IDReset, contact Interactive Northwest via web, email or phone. Web: http://www.interactivenw.com/support.php Email: support@interactivenw.com Phone: (800) 808-8090, say Support 3.1. Reference Configuration Figure 1 illustrates the configuration used for testing. In this configuration, Avaya Aura Experience Portal interfaces with Avaya Aura Communication Manager via H.323. The INI IDReset TM server was connected on the same LAN. Figure 1: Configuration with Avaya Aura Experience Portal and INI IDReset 4 of 16
3.2. Equipment and Software Validated The following equipment and software were used for the sample configuration: Equipment Avaya Aura Experience Portal 7.0.0.0.6604 Software Avaya Aura Communication Manager running in S8300D server INI IDReset TM 1.0 6.3 SP10 LumenVox Automatic Speech Recognizer 12.1.100 5 of 16
4. Configure Avaya Aura Experience Portal This section covers the administration of Avaya Aura Experience Portal. The following Experience Portal configuration steps will be covered: Configuring INI IDReset Application Experience Portal is configured via the Experience Portal Management (EPM) web interface. To access the web interface, enter http://<ip-addr>/ as the URL in an internet browser, where <ipaddr> is the IP address of the EPM. Log in using the Administrator user role. The screen shown below is displayed. Note: All of the screens in this section are shown after the Experience Portal had been configured. Don t forget to save the screen parameters as you configure Avaya Aura Experience Portal. 6 of 16
In the Applications page, add an Experience Portal application to handle incoming calls. Navigate to System Configuration Applications Add. The screen capture below shows the sample configuration that was used during compliance testing. 7 of 16
5. Configure INI IDReset This section describes the steps required to configure the IDReset voice application for use. It is assumed that the product has already been installed, and base configuration performed, by Interactive Northwest, Inc. The IDReset voice application behavior is configured via the included web administration tool. The product comes installed with default application settings which should be modified by the administrator specific to the customer environment. These settings are described below. For additional information, refer to the INI documents, IDReset_Release_Install_Notes_v1.0.docx and IDReset Administration User Guide.docx. 5.1. Accessing the Web Administration Interface Perform the following steps to access the web screen-based administration utility for IDReset. 1. Open a web browser on a computer that has network connectivity to the IDReset server. 2. Enter the following in the browser address bar: https://<dns name or IP address of the server>/webadmin The following login screen will be displayed. 3. Enter the default Username and Password (admin/adminpw1). You will have the ability to change this once logged in. 8 of 16
4. After logging in, the dashboard home screen will be displayed: 9 of 16
5.2. Notification and Lockout Settings The thresholds for password reset and login failures are configurable. IDReset initiates outbound emails to the administrator when defined thresholds have been exceeded. Though not configured during compliance testing, the administrator can define the levels at which certain failure events in the voice and web applications will generate a notification email. In order for notification messages to be sent by IDReset, an SMTP server must be configured in the Environment tab (not shown). To configure, select Notification and Lockout tab; the required fields for notifications are: Administrator Email Address. The email address to send notifications to Overall Failed Reset Attempts Threshold. The total combined failures for both phone and web reset, for all users, that will generate a notification Single User Failed Reset Attempts Threshold. The total combined failures for phone and web reset by a single user that will generate a notification Failed Enrollment Login Attempts Threshold. The total login failures in the web enrollment application, for all users, that will generate a notification Failed Administrator Login Attempts Threshold. The total login failures in the web administration application, for all users, that will generate a notification Enter all fields and click Save. A confirmation message will be shown: 10 of 16
IDReset also provides the ability to lock users out of the phone reset, web reset, and administration applications if failed attempts exceed defined thresholds. All counters track consecutive failures, regardless of the time that lapses between attempts, until a successful login occurs. Once locked out, the user will not be allowed to access the IDReset interface until the administrator unlocks that user ID. Lockout settings are: Consecutive Web Authentication Failures Before Lockout. The number of times, in a row, that a single user fails to authenticate in the web reset application before being locked out Consecutive Voice Authentication Failures Before Lockout. The number of times, in a row, that a single user fails to authenticate in the voice reset application before being locked out Remote Admin Login Failures Before Lockout. The number of failed web administration login attempts from a remote machine before the interface is locked. The only way to unlock the administrator login is via a utility run at the system console Enter all fields and click Save. 11 of 16
5.3. Application Behavior Settings The Application Behavior page allows the administrator to configure settings for the end-user applications. The number and type of questions asked, password expiration time, and transfer enablement are all defined on this screen. Settings defined in the Application Behavior section govern behavior of the voice and web password reset applications. Available configuration options are: # of Voice Reset Questions. How many challenge questions to ask the user in the voice reset application # of Web Reset Questions. How many challenge questions to present to the user in the web reset application Temporary Password Expiration Time. The duration, in minutes, for which the temporary password will be valid. Applies to both voice and web reset applications Enable Voice App Transfers. A Boolean checkbox indicating whether callers to the voice app should be allowed to transfer to a live person. Applies regardless of time of day/day of week Voice App Transfer Number. The digit string, including any required outdialing characters (9,1, etc.) to which calls should be transferred from the voice application Enter all fields and click Save. The following screen capture displays the values configured during compliance testing. 12 of 16
5.4. Other IDReset Configuration Numerous other configuration values for the enrollment application and base product are defined via the Web Administration tool. For a complete list of all IDReset configuration items, refer to the INI document IDReset Administration User Guide.docx. 13 of 16
6. Verification Steps This section provides the verification steps that may be performed to verify that Experience Portal can run INI IDReset applications. 1. From the EPM web interface, verify that the MPP server is online and running in the System Monitor page shown below. 2. From the EPM web interface, verify that the ports on the MPP server are in-service in the Port Distribution page shown below. 3. Enroll a group of Active Directory users via either the Web Enrollment or Batch Enrollment tool. This process is outlined in the INI document IDReset Administration User Guide.docx. 4. Place enough calls to the INI IDReset application to verify the questions are as per the configuration. 7. Conclusion These Application Notes describe the configuration steps required to integrate the INI IDReset application with Avaya Aura Experience Portal. All feature and serviceability test cases were completed successfully. 14 of 16
8. Additional References This section references the product documentation that is relevant to these Application Notes. [1] Administering Avaya Aura Experience Portal, April 2013 [2] Administering Avaya Aura Communication Manager, Release 6.3, Document 03-300509, Issue 7.0, December 2013 [3] IDReset Administration User Guide, October 2014 [4] IDReset_Release_Install_Notes_v1.0, October 2014 15 of 16
Avaya and the Avaya Logo are trademarks of Avaya Inc. All trademarks identified by and are registered trademarks or trademarks, respectively, of Avaya Inc. All other trademarks are the property of their respective owners. The information provided in these Application Notes is subject to change without notice. The configurations, technical data, and recommendations provided in these Application Notes are believed to be accurate and dependable, but are presented without express or implied warranty. Users are responsible for their application of any products specified in these Application Notes. Please e-mail any questions or comments pertaining to these Application Notes along with the full title name and filename, located in the lower right corner, directly to the Avaya DevConnect Program at devconnect@avaya.com. 16 of 16